Security Issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Title: Security Issue

It was able to call up external includes using the below code which resulted that the server was used to send out spam.

How can I protect the code?

TIA

<?php

session_start();

//-----------------------------------------------------------------------------------------------

// index.php

//-----------------------------------------------------------------------------------------------

include("../inc/const.php");

include("../inc/mysql.php");

 $menu=2;

include("../inc/static.php");

//include("../inc/prolog.php");

$base = getenv("SERVER_NAME").getenv("SCRIPT_NAME");

//$menu = $HTTP_GET_VARS['menu'];

$submenu_list = $HTTP_GET_VARS['submenu_list'];

$contfile = $HTTP_GET_VARS['contfile'];

$id = $HTTP_GET_VARS['id'];

$stk = $HTTP_GET_VARS['stk'];

$contpath = $HTTP_GET_VARS['contpath'];

if ($contpath=="")

{ $contpath="./"; }

?>

<html>

<head>

        <title>Neuer Wissenschaftlicher Verlag - <?php print $typ_subnav[$menu]?></title>

        <script language="_javascript_" SRC="">

        <link rel="stylesheet" href="">

</head>

<body bgcolor="#ffffff" topmargin="0" leftmargin="0" marginheight="0" marginwidth="0" link="#006666" vlink="#006666" alink="#006666">

<table height="100%" width="100%" topmargin="0" cellspacing="0" cellpadding="0" border="0">

<tr valign="top" height="105">

    <td colspan="3" valign="top">

        <? include("../inc/prolog.php");?>

    </td>

</tr>

<tr valign="top" height="30">

    <td valign="top" height="30" background="" include("../inc/leftmenu.php");?></td>

    <td width="100%">&nbsp;</td>

    <!-- hier ist die rechte spalte mit dem background -->

    <!-- <td height="30" background="" src="" width="180" height="1"></td> -->

</tr>

<tr valign="top">

        <td valign="top" background="" nav_menupic($menu);?>

            <?php

          //----------------------------------------------------------------------------------------

          //  Subnavigation

          //----------------------------------------------------------------------------------------

                include("../inc/subnav.php");

                ?>

        </td>


<!-- END LEFT-NAV -->

     <td valign="top">

     <?php include($contpath . "/content.php");?>

<!-- END CONTENT -->

     </td>

    

     <?//php include("../inc/epilog.php");

     ?>

  </tr>

 </table>

 

 </body>

 

</html>

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux